OpenSSH 8.2 was released on 2020-02-14.

It is now possible[1] to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release.

This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.

Also: DragonFlyBSD Improves Its TMPFS Implementation For Better Throughput Performance

OpenSSH 8.2 Released With FIDO/U2F Support

  • OpenSSH 8.2 Released With FIDO/U2F Support

    OpenSSH 8.2 is out this Valentine's Day as the leading SSH suite. Besides working to disable the SSH-RSA public key signature algorithm due to SHA1 collision attacks, OpenSSH 8.2 also comes with new features.

    The shiny new feature of OpenSSH 8.2 is support for FIDO/U2F hardware authenticators. FIDO/U2F two-factor authentication hardware can now work with OpenSSH 8.2+, and ssh-keygen can be used to generate a FIDO token-backed key. Communication to the hardware token with OpenSSH is managed by a middleware library specified via the SSH/SSHD configuration, including the option for its own built-in middleware for supporting USB tokens.

OpenSSH adds support for FIDO/U2F security keys

New Qt5 and OpenSSH in [Slackware] Current

  • New Qt5 and OpenSSH in [Slackware] Current

    Another big thing happening in -current is the new OpenSSH 8.2 release, which will bring some incompatible changes, especially if you are still using ssh-rsa as the algorithm. To test whether your machine is affected, try running this command in your shell:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

    If you manage to connect using the above command, it means that your OpenSSH software is fine, but if you don't, then it needs to be upgraded.
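
The single-host test above, extended to classify a server from the host key algorithms it advertises in `ssh -vv` debug output (an added example, not code from the quoted post or the OpenSSH project). It goes slightly beyond the post by also discounting `ssh-dss`; the function names and the sample debug lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the OpenSSH project): report whether a server offers
# any host key algorithm besides SHA-1 based ones, using `ssh -vv` debug output.

# Extract the SERVER's list. `ssh -vv` logs the client's KEXINIT proposal
# first and the peer's second; only the peer's answers the question.
peer_hostkey_algs() {
    awk '/peer server KEXINIT proposal/ { peer = 1; next }
         peer && /host key algorithms:/ {
             sub(/.*host key algorithms: */, ""); print; exit
         }'
}

# ok        = something other than ssh-rsa/ssh-dss is offered
# sha1-only = the test command above would fail against this server
# unknown   = no proposal seen (connection failed before key exchange)
classify_algs() {
    [ -n "$1" ] || { echo unknown; return 0; }
    verdict=sha1-only
    old_ifs=$IFS; IFS=,
    for alg in $1; do
        case $alg in
            ssh-rsa|ssh-dss) ;;   # ssh-dss: off by default in clients since 7.0
            *) verdict=ok ;;
        esac
    done
    IFS=$old_ifs
    echo "$verdict"
}

# Live check (hypothetical helper). BatchMode suppresses prompts; the login
# itself may fail, the proposal is logged before authentication.
check_host() {
    classify_algs "$(ssh -vv -oBatchMode=yes -oConnectTimeout=5 "$1" true 2>&1 |
                     peer_hostkey_algs)"
}

# Constructed sample of `ssh -vv` output from an old server.
sample_debug() {
    cat <<'EOF'
debug2: local client KEXINIT proposal
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss
EOF
}

classify_algs "$(sample_debug | peer_hostkey_algs)"
```

A server with only an RSA host key still classifies as `ok` when it advertises `rsa-sha2-256` or `rsa-sha2-512`, because the key type is unchanged and only the signature hash differs.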

Corbet at LWN

  • OpenSSH 8.2 released

    OpenSSH 8.2 is out. This release removes support for the ssh-rsa key algorithm, which may disrupt connectivity to older servers; see the announcement for a way to check whether a given server can handle newer, more secure algorithms. Also new in this release is support for FIDO/U2F hardware tokens.

OpenSSH Now Supports FIDO/U2F Security Keys

  • OpenSSH Now Supports FIDO/U2F Security Keys

    OpenSSH is, by far, the single most popular tool for logging into remote servers and desktops. SSH logins are generally considered fairly safe, but not 100%. If you’re not satisfied with the out-of-the-box security offered by OpenSSH, you can always opt to go with SSH key authentication. If that’s not enough, there’s always 2 Factor Authentication, which would then require you to enter a PIN generated by an application such as OTPClient or Authy.

    As of OpenSSH 8.2, there’s a newly supported option, FIDO/U2F security keys. What this means is that you can now use 2FA hardware keys (such as the YubiKey) to authenticate your SSH login attempt.

    2FA is often considered the easiest method of adding an additional layer of security to SSH logins. However, for many, Hardware Keys are considered the single most secure means of preventing hackers from brute-forcing your SSH passwords. To make things easy, the OpenSSH developers have made it possible to generate a FIDO token-backed key using the ssh-keygen command. So anyone used to creating SSH keys shouldn’t have any problem getting up to speed with integrating hardware keys into SSH.
